Generating Electronic Signature with SSO Login
Since version 20.11-LTS (Carmen), codeBeamer can generate an electronic signature both for users who log in via SSO and for users with the default login.
All features that need an electronic signature use the same generation mechanism.
There is always a button that triggers the signature generation process:
- Generate Signature button
- Regenerate Signature button
- Start signature process button
- Sign & (Approve/Reject) button
After the button is clicked, a popup window opens to identify the current user by their credentials. Depending on the user's login mechanism, either the SSO identity provider's login screen or the default codeBeamer login screen appears. (If the user can log in both with default credentials and via SSO, the SSO login screen appears.)
Prerequisites
SAML
The forceAuthn parameter MUST be supported:
A boolean value of "true" or "false" that indicates whether the request generated by the service provider should include an option to bypass an existing security context and require explicit user interaction during authentication to the identity provider.
OpenID
The prompt parameter MUST be supported, including the value login:
login: The Authorization Server SHOULD prompt the End-User for reauthentication. If it cannot reauthenticate the End-User, it MUST return an error, typically login_required.
Default CB login screen
For industries that do not need to be FDA-compliant (e.g. automotive), it is acceptable for the username to be prefilled in the login popup.
In that case, an Application Configuration option enables prefilling the current user's username. The usernameRequired setting defaults to true; set it to false to prefill the username:
"signature" : {
    "usernameRequired" : false
},
An example SSO login screen
This screen is provided by your identity provider.
Force Authenticate users with SSO
To be FDA compliant and force the user to enter the combination of their user name and password, your identity provider has to support forced re-authentication with the option prompt=login.
prompt=login
Regardless of the current user authentication state, the Authorization Server SHOULD prompt the End-User for reauthentication. If it cannot prompt the End-User, it MUST return an error.
https://tools.ietf.org/id/draft-hunt-oauth-v2-user-a4c-01.html#Authentication_Request
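As an added illustration (not codeBeamer's own code), the following shows what a relying party does with the prompt=login requirement described above: it builds the authorization request for the signature popup and then checks the identity provider's answer, accepting either the mandated login_required error or an ID token whose auth_time proves a fresh login. It goes slightly beyond the page by also sending max_age=0, which makes the auth_time claim mandatory in the ID token; the endpoint, client and redirect values are constructed placeholders.

```python
from typing import Optional
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed placeholder values, not real endpoints or a real client.
AUTHZ_ENDPOINT = "https://idp.example/authorize"
CLIENT_ID = "codebeamer-example"
REDIRECT_URI = "https://cb.example/signature/callback"


def build_signature_authn_request(state: str, nonce: str) -> str:
    """Authorization request for the signature popup.

    prompt=login asks the IdP to re-authenticate regardless of any existing
    session; max_age=0 is equivalent per OpenID Connect Core and additionally
    requires the ID token to carry an auth_time claim we can verify.
    """
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid",
        "state": state,
        "nonce": nonce,
        "prompt": "login",
        "max_age": "0",
    }
    return f"{AUTHZ_ENDPOINT}?{urlencode(params)}"


def callback_error(redirect_url: str) -> Optional[str]:
    """Return the OIDC error code from the callback URL, if the IdP sent one.

    An IdP that cannot re-authenticate the user MUST answer with an error,
    typically login_required, instead of silently reusing the old session.
    """
    qs = parse_qs(urlparse(redirect_url).query)
    return qs.get("error", [None])[0]


def fresh_authentication(id_token_claims: dict, request_started_at: float,
                         skew_seconds: int = 30) -> bool:
    """Accept the signature only if the ID token proves a new authentication.

    auth_time must be present and must not be earlier than the moment the
    signature popup was opened (allowing a small clock skew).  A missing
    auth_time means the IdP ignored prompt=login/max_age: reject.
    """
    auth_time = id_token_claims.get("auth_time")
    if not isinstance(auth_time, (int, float)):
        return False
    return auth_time >= request_started_at - skew_seconds
```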
Google OAuth does not support forced re-authentication
At the time of writing this documentation, Google OAuth 2.0 has no prompt=login value (the possible values are none/consent/select_account).
https://developers.google.com/identity/protocols/oauth2/openid-connect#prompt
Regenerate Signature
Most features that use signature generation allow the user to regenerate the signature if needed. There is an icon for that purpose next to the "Successfully signed" label:
Clicking that icon will restart the signature generation process.
Features that use the signature generation
"Start a new review" action
Baselines
Mass Edit
Tracker Template Change
Sign Review By User
Restart Review for User
Finish Review / Set Statuses / Reset Review